You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Ramesh Mani <rm...@hortonworks.com> on 2017/08/03 18:53:32 UTC
Review Request 61412: RANGER-1649:Ranger Solr Plugin fails to refresh
policy due to failure in ticket renewal mechanism
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61412/
-----------------------------------------------------------
Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Selvamohan Neethiraj, and Velmurugan Periasamy.
Bugs: RANGER-1649
https://issues.apache.org/jira/browse/RANGER-1649
Repository: ranger
Description
-------
RANGER-1649:Ranger Solr Plugin fails to refresh policy due to failure in ticket renewal mechanism
Diffs
-----
plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java 5c4e066
Diff: https://reviews.apache.org/r/61412/diff/1/
Testing
-------
Testing done in local VM.
Thanks,
Ramesh Mani
Re: Review Request 61412: RANGER-1649:Ranger Solr Plugin fails to
refresh policy due to failure in ticket renewal mechanism
Posted by Ramesh Mani <rm...@hortonworks.com>.
> On Aug. 8, 2017, 4:37 p.m., Colm O hEigeartaigh wrote:
> > Thanks for the explanation! You could delete the "authWithConfig" method as part of this patch, as it's not used by any other code.
I have removed the unused function
- Ramesh
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61412/#review182403
-----------------------------------------------------------
On Aug. 9, 2017, 5:37 p.m., Ramesh Mani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61412/
> -----------------------------------------------------------
>
> (Updated Aug. 9, 2017, 5:37 p.m.)
>
>
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Selvamohan Neethiraj, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1649
> https://issues.apache.org/jira/browse/RANGER-1649
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-1649:Ranger Solr Plugin fails to refresh policy due to failure in ticket renewal mechanism
>
>
> Diffs
> -----
>
> agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java 7a1d458
> plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java 5c4e066
>
>
> Diff: https://reviews.apache.org/r/61412/diff/3/
>
>
> Testing
> -------
>
> fixed PMD issue with earlier patch.
> Testing done in local VM.
>
>
> Thanks,
>
> Ramesh Mani
>
>
Re: Review Request 61412: RANGER-1649:Ranger Solr Plugin fails to
refresh policy due to failure in ticket renewal mechanism
Posted by Colm O hEigeartaigh <co...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61412/#review182403
-----------------------------------------------------------
Thanks for the explanation! You could delete the "authWithConfig" method as part of this patch, as it's not used by any other code.
- Colm O hEigeartaigh
On Aug. 8, 2017, 12:45 a.m., Ramesh Mani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61412/
> -----------------------------------------------------------
>
> (Updated Aug. 8, 2017, 12:45 a.m.)
>
>
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Selvamohan Neethiraj, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1649
> https://issues.apache.org/jira/browse/RANGER-1649
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-1649:Ranger Solr Plugin fails to refresh policy due to failure in ticket renewal mechanism
>
>
> Diffs
> -----
>
> plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java 5c4e066
>
>
> Diff: https://reviews.apache.org/r/61412/diff/2/
>
>
> Testing
> -------
>
> fixed PMD issue with earlier patch.
> Testing done in local VM.
>
>
> Thanks,
>
> Ramesh Mani
>
>
Re: Review Request 61412: RANGER-1649:Ranger Solr Plugin fails to
refresh policy due to failure in ticket renewal mechanism
Posted by Abhay Kulkarni <ak...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61412/#review182524
-----------------------------------------------------------
Ship it!
Ship It!
- Abhay Kulkarni
On Aug. 9, 2017, 5:37 p.m., Ramesh Mani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61412/
> -----------------------------------------------------------
>
> (Updated Aug. 9, 2017, 5:37 p.m.)
>
>
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Selvamohan Neethiraj, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1649
> https://issues.apache.org/jira/browse/RANGER-1649
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-1649:Ranger Solr Plugin fails to refresh policy due to failure in ticket renewal mechanism
>
>
> Diffs
> -----
>
> agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java 7a1d458
> plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java 5c4e066
>
>
> Diff: https://reviews.apache.org/r/61412/diff/3/
>
>
> Testing
> -------
>
> fixed PMD issue with earlier patch.
> Testing done in local VM.
>
>
> Thanks,
>
> Ramesh Mani
>
>
Re: Review Request 61412: RANGER-1649:Ranger Solr Plugin fails to
refresh policy due to failure in ticket renewal mechanism
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61412/
-----------------------------------------------------------
(Updated Aug. 9, 2017, 5:37 p.m.)
Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Selvamohan Neethiraj, and Velmurugan Periasamy.
Changes
-------
Remove unused function
Bugs: RANGER-1649
https://issues.apache.org/jira/browse/RANGER-1649
Repository: ranger
Description
-------
RANGER-1649:Ranger Solr Plugin fails to refresh policy due to failure in ticket renewal mechanism
Diffs (updated)
-----
agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java 7a1d458
plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java 5c4e066
Diff: https://reviews.apache.org/r/61412/diff/3/
Changes: https://reviews.apache.org/r/61412/diff/2-3/
Testing
-------
fixed PMD issue with earlier patch.
Testing done in local VM.
Thanks,
Ramesh Mani
Re: Review Request 61412: RANGER-1649:Ranger Solr Plugin fails to
refresh policy due to failure in ticket renewal mechanism
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61412/
-----------------------------------------------------------
(Updated Aug. 8, 2017, 12:45 a.m.)
Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Selvamohan Neethiraj, and Velmurugan Periasamy.
Changes
-------
RANGER-1649:Ranger Solr Plugin fails to refresh policy due to failure in ticket renewal mechanism - PMD fix
Bugs: RANGER-1649
https://issues.apache.org/jira/browse/RANGER-1649
Repository: ranger
Description
-------
RANGER-1649:Ranger Solr Plugin fails to refresh policy due to failure in ticket renewal mechanism
Diffs (updated)
-----
plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java 5c4e066
Diff: https://reviews.apache.org/r/61412/diff/2/
Changes: https://reviews.apache.org/r/61412/diff/1-2/
Testing (updated)
-------
fixed PMD issue with earlier patch.
Testing done in local VM.
Thanks,
Ramesh Mani
Re: Review Request 61412: RANGER-1649:Ranger Solr Plugin fails to
refresh policy due to failure in ticket renewal mechanism
Posted by Ramesh Mani <rm...@hortonworks.com>.
> On Aug. 4, 2017, 10:23 a.m., Colm O hEigeartaigh wrote:
> > Why does setUGIFromJAASConfig solve the problem as opposed to authWithConfig? It's not really clear from the bug description. One potential issue is that setUGIFromJAASConfig requires a KeyTab in JAAS configuration, whereas authWithConfig looks like it would work with a password.
Your Observation is correct. Ranger Plugin for non core Hadoop components like Solr, when it uses Hadoop UserGroupInformation api to set/get the UGI, and this UGI is used for Authenticated call to Download Policy / Audit to HDFS. When TGT expires there was failure as it never got renewed. (Core components like Hdfs, hive, hbase internally taking care of this with right keytab login and renewal ). So in this case when we do a MiscUtil.getUGILoginUser() to get UGI at the plugin, this call will invoke UGI.checkTGTAndReloginFromKeytab() to check and renew the TGT. This fails if the UGI is not created with Principal/Keytab.
In this issue when authWithConfig(), it uses the just Subject() alone to login and as a result checkTGTAndReloginFromKeytab() failed. I have updated the Description with the details.
- Ramesh
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61412/#review182195
-----------------------------------------------------------
On Aug. 3, 2017, 6:53 p.m., Ramesh Mani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61412/
> -----------------------------------------------------------
>
> (Updated Aug. 3, 2017, 6:53 p.m.)
>
>
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Selvamohan Neethiraj, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1649
> https://issues.apache.org/jira/browse/RANGER-1649
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-1649:Ranger Solr Plugin fails to refresh policy due to failure in ticket renewal mechanism
>
>
> Diffs
> -----
>
> plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java 5c4e066
>
>
> Diff: https://reviews.apache.org/r/61412/diff/1/
>
>
> Testing
> -------
>
> Testing done in local VM.
>
>
> Thanks,
>
> Ramesh Mani
>
>
Re: Review Request 61412: RANGER-1649:Ranger Solr Plugin fails to
refresh policy due to failure in ticket renewal mechanism
Posted by Colm O hEigeartaigh <co...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61412/#review182195
-----------------------------------------------------------
Why does setUGIFromJAASConfig solve the problem as opposed to authWithConfig? It's not really clear from the bug description. One potential issue is that setUGIFromJAASConfig requires a KeyTab in JAAS configuration, whereas authWithConfig looks like it would work with a password.
- Colm O hEigeartaigh
On Aug. 3, 2017, 6:53 p.m., Ramesh Mani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61412/
> -----------------------------------------------------------
>
> (Updated Aug. 3, 2017, 6:53 p.m.)
>
>
> Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Selvamohan Neethiraj, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1649
> https://issues.apache.org/jira/browse/RANGER-1649
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-1649:Ranger Solr Plugin fails to refresh policy due to failure in ticket renewal mechanism
>
>
> Diffs
> -----
>
> plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java 5c4e066
>
>
> Diff: https://reviews.apache.org/r/61412/diff/1/
>
>
> Testing
> -------
>
> Testing done in local VM.
>
>
> Thanks,
>
> Ramesh Mani
>
>